
XPDDS18: EPT-Based Sub-page Write Protection On Xen - Yi Zhang, Intel

EPT-Based Sub-page Write Protection, referred to as SPP, is a capability which allows a Virtual Machine Monitor (VMM) to specify write permission for guest physical memory at a sub-page (128-byte) granularity. When this capability is used, the CPU enforces write-access permissions for sub-page regions of 4K pages as specified by the VMM. EPT-based sub-page permissions are intended to enable fine-grained memory write enforcement by a VMM for security (guest OS monitoring) and for usages such as device virtualization and memory check-pointing.



  1. EPT-Based Sub-Page Protection On Xen. Yi Zhang <yi.z.zhang@linux.intel.com>
  2. Agenda: Overview, Implementation, Use Cases, Q/A
  3. SPP Overview. EPT-Based Sub-Page Protection (SPP) allows write-protecting guest physical memory at a sub-page (128-byte) granularity. Figure: with the original EPT, the write-protection granularity is a whole 4K page; with EPT-based SPP it is 128 bytes, i.e. a 4K page is treated as 32 × 128-byte sub-pages.
  4. Implementation outline:
     • Sub-page protection overall picture
     • Sub-page permission table
     • Sub-page permission table pointer
     • Sub-page permission table induced VM Exit
     • Sub-page permission table capability
     • Sub-page permission table enforcement
     • Hypercalls to set/get Sub-Page Write Protection
  5. Write-access check, original EPT versus EPT-based SPP (figure):
     • Original EPT: walk the EPT for the Guest Physical Address (GPA); if the EPT leaf entry is writable, the write access to the page is allowed, otherwise the write access is denied.
     • EPT-based SPP: walk the EPT; if the leaf entry is not writable, the write is denied with a VM exit. If the leaf entry is writable and its SPP bit (bit 61) is set, the hardware also walks the SPP table (its pointer is held in the VMCS) down to the SPPT L1E, which decides for each 128-byte sub-page of the physical page whether the write is allowed or denied. SPPT L1E format: bit 0+2i is the sub-page write access for sub-page i, bit 1+2i is reserved.
  6. Sub-page Permission Table (SPPT):
     • Sub-page Permission Table: a 4-level paging structure, set up by the hypervisor, walked by hardware.
     • Sub-page Permission Table Pointer: a 64-bit control field in the VMCS, pointing to the SPPT L4 table.
  7. Sub-page Permission Table (SPPT) entry formats. Much like the EPT tables, the SPPT L4E, L3E and L2E are defined as follows:

     | Bit    | Contents                                                                    |
     | :----- | :-------------------------------------------------------------------------- |
     | 0      | Valid entry when set; indicates whether the entry is present                |
     | 11:1   | Reserved (0)                                                                |
     | N-1:12 | Physical address of the 4K-aligned SPPT L(X-1) table referenced by the entry |
     | 51:N   | Reserved (0)                                                                |
     | 63:52  | Reserved (0)                                                                |

     The SPPT L1E format is defined as follows:

     | Bit  | Contents                                                |
     | :--- | :------------------------------------------------------ |
     | 0+2i | Write permission for the i-th 128-byte sub-page region  |
     | 1+2i | Reserved (0)                                            |

     Note: `0 <= i <= 31`
  8. Sub-page permission table induced VM Exits:
     • SPP Misconfiguration: an SPPT paging-structure entry contains an unsupported value during the SPPT lookup.
     • SPP Miss: an SPPT paging-structure entry is not present during the SPPT lookup.
     • EPT violation: memory writes that consult the SPPT but are not permitted by it cause EPT violations as usual.
     Note: the SPP VM exit reason value is 66. SPP Misconfiguration and SPP Miss VM exits are distinguished by exit qualification bit 11: set for SPP Miss, cleared for SPP Misconfiguration.
  9. Sub-page Permission Table view (figure): the SPPTP in the VMCS points to the SPP table set up by the hypervisor; a non-present entry gives an SPP miss, an entry with an unsupported value gives an SPP misconfiguration, and a cleared permission bit for the accessed sub-page gives an EPT violation.
  10. Sub-page permission table capability. Capability on the VMX MSR: IA32_VMX_PROCBASED_CTLS2 (Secondary Proc-Based VM-Execution Controls, MSR 0x48b), SPP bit 23. Enabling on the VMCS: secondary proc-based control field bit [23] = 1 means SPP is globally enabled.
  11. Sub-page permission table enforcement:
      • Bit 61 of an EPT PTE is changed to the "Sub-Page Permission" (SPP) bit.
      • Setting this bit allows write permissions for the page to be enforced on a sub-page basis.
      Figure: EPT leaf paging-structure entry with bit 61 = SPP and bits N-1:12 = physical address of the page; when SPP is set, the entry acts on the physical page at sub-page granularity.
  12. Hypercalls to set/get Sub-Page Write Protection:
      • Two hypercalls are defined to set/get the sub-page write protection bitmap per gfn; each gfn corresponds to one bitmap.
      • The host management application (xl) or some other security control daemon sets the protection bitmap via this pair of hypercalls.
  13. Use Case I: security data structure protection (figure). A 4K page of allocated user data holds fields such as User ID, Private Key, Mobile Number, Public Email, Billing Info and Name. A u32 Protected_bitmap marks each of the 32 × 128-byte sub-pages of the original 4K page as Protected or Un-Protected, so individual fields can be write-protected while the rest of the page stays writable.
  14. Use Case I flow (figure): inside the VM, a client writes to the 4K page; the EPT table maps the GPA to the HPA and the SPP table is consulted. Writes to un-protected sub-pages (e.g. User ID) are approved. A write to a protected sub-page causes a VM exit to the VMM, which performs a security check and denies the write.
  15. Use Case II: device MMIO space protection (figure). A 4K MMIO page of a device contains 32 register sets, one per 128-byte sub-page. Sensitive register sets (e.g. Sensitive Reg Set[0], [2], [31]) are marked Protected and public register sets (e.g. Public Reg Set[1], [3], ...) Un-Protected in the u32 Protected_bitmap.
  16. Use Case II flow (figure): guest writes to the public register set reach the device GPA directly (approved); writes to the sensitive register set cause a VM exit, and the VMM traps and emulates them.
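As an added example, not taken from the slides or from the Xen/KVM patches they reference, the C below converts the per-gfn u32 Protected_bitmap of slides 12 and 13 into the SPPT L1E format of slide 7, recovers it again for the "get" hypercall, and checks a write the way the hardware does in the two use cases. Function names and the sample offsets are my own.

```c
#include <stdint.h>
#include <stdbool.h>

#define SPP_SUBPAGE_SIZE      128u
#define SPP_SUBPAGES_PER_PAGE 32u   /* 4096 / 128 */

/* Build an SPPT L1E from a per-gfn "protected" bitmap: bit i of the bitmap
 * set means sub-page i is write-protected.  In the L1E, bit 0+2i is the
 * write permission for sub-page i (1 = write allowed) and bit 1+2i is
 * reserved and must stay 0 (otherwise: SPP misconfiguration VM exit). */
uint64_t spp_build_l1e(uint32_t protected_bitmap)
{
    uint64_t l1e = 0;
    for (unsigned i = 0; i < SPP_SUBPAGES_PER_PAGE; i++) {
        bool is_protected = (protected_bitmap >> i) & 1u;
        if (!is_protected)
            l1e |= 1ull << (2 * i);   /* grant write on the unprotected sub-page */
    }
    return l1e;
}

/* Recover the protected bitmap from an L1E (the "get" half of the hypercall pair). */
uint32_t spp_l1e_to_bitmap(uint64_t l1e)
{
    uint32_t bitmap = 0;
    for (unsigned i = 0; i < SPP_SUBPAGES_PER_PAGE; i++)
        if (!((l1e >> (2 * i)) & 1ull))
            bitmap |= 1u << i;
    return bitmap;
}

/* Index of the 128-byte sub-page a GPA falls in: page-offset bits 11:7. */
unsigned spp_subpage_index(uint64_t gpa)
{
    return (unsigned)((gpa & 0xfffu) / SPP_SUBPAGE_SIZE);
}

/* Decide a write once the walk has reached the page's L1E: a cleared
 * permission bit means the write is denied, which surfaces as an EPT violation. */
bool spp_write_allowed(uint64_t l1e, uint64_t gpa)
{
    return (l1e >> (2 * spp_subpage_index(gpa))) & 1ull;
}

/* What a control daemon does before the "set" hypercall: protect the bytes
 * [offset, offset+len) of a page, rounded out to whole sub-pages, since the
 * hardware cannot protect anything finer than 128 bytes. */
uint32_t spp_protect_range(uint32_t bitmap, unsigned offset, unsigned len)
{
    unsigned first = offset / SPP_SUBPAGE_SIZE;
    unsigned last  = (offset + len - 1) / SPP_SUBPAGE_SIZE;
    for (unsigned i = first; i <= last && i < SPP_SUBPAGES_PER_PAGE; i++)
        bitmap |= 1u << i;
    return bitmap;
}
```

The rounding in spp_protect_range is the practical caveat of the 128-byte granularity: a field that shares a sub-page with writable data either drags that data into the protected region or stays exposed.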
  17. Resources:
      • Intel SDM: https://software.intel.com/sites/default/files/managed/c5/15/architecture-instruction-set-extensions-programming-reference.pdf
      • Xen patch: https://lists.xenproject.org/archives/html/xen-devel/2017-10/msg02215.html
      • KVM patch: https://lkml.org/lkml/2017/10/13/460
  18. Q & A
